Even when I set TBB's security slider to the highest level and activate all checkboxes in the security setting (where one "only" states to ), the cookie settings in Tor Browser still allow cookies to be set - just third-parties are disallowed:

Basically this means to me "Accept cookies from sites, but disallow third-party cookies." So why not disallow cookies completely?

Unless you turn off the private browsing mode, all cookies are deleted on exit. It seems to be the Tor Browser tries to strike a balance between anonymity and usability (scripts enabled by default). Since your Tor IP could change multiple times in a single browsing session, allowing cookies keeps you logged into services.
– SuperSluetherSep 2 '16 at 1:12

1

It should be noted that disabling cookies completely will make your browser fingerprint unique, and you will be easier to identify.
– SuperSluetherSep 2 '16 at 1:14

2 Answers
2

Cookies are an integral part of web functionality, it is one of the few ways that a logged in session that can reliably tracked. Without cookies you would not be able to log in to websites. So disabling them entirely would break many web experiences, like the one you just had where you posted this question, and the one I just had where I posted this answer. Without cookies the server would not know that we were who we claimed to be.

Cookies are an overt and intentional session tracking mechanism, they are by no means the only method of tracking users across sessions. They are, however, one of the only such mechanisms that serves a legitimate purpose and that provides the user a level of control over. Browsers have a litany of covert storage/retrieval methods which are as effective for "tracking" as cookies are over the duration of a session, potentially more so since the user can't configure the browser to configure explicit control over them like they can with cookies.

The fact that I can use and still use Firefox 43, which is the last version within Firefox that allows ME to select whether or not to accept 1st Party Cookies, and I can still use and visit sites, disproves the Web Functionality portion. Sites complain, but open anyway depending on what scripts I allow. Don't know why Firefox can't go back to that either. Somehow I can't paste that jpg snip into the response area. But anyone familiar with earlier versions of Firefox are well aware of that selection on the Privacy page.
It is and was stellar, and even TOR has deleted. Not sure why.